Companies creating portfolio of intellectual property assets need to comply with the provisions of the IT Act. In India, the IT Act (Information Technology Act, 2000) is the main law that is applicable for electronic transactions executed over the eCommerce platforms. The various aspects of such transactions are governed by the IT Act, along with the provisions of the contract laws, data protection laws, and consumer protection laws. It is common for companies to develop valuable intangible assets by way of patents, trademarks, designs and copyrights, which result in innovative products that are sold across eCommerce or digital platforms.
There is often an ambiguity about data privacy and information technology law in the U.S., especially given the fact that Congress has not completed development of meaningful data privacy laws. There is no single overarching federal law that regulates personal data privacy in the United States. Instead, there is a complicated patchwork of medium and sector-specific laws and regulations, including regulatory rules from the Federal Trade Commission and state consumer protection agencies. Only the courts can decide on the interpretation of these laws, so it is important for companies to engage in good faith communication with customers and provide them with the assurance of safekeeping of their personal information.
There are a number of pieces of legislation that have been passed in recent years to improve the privacy of consumers and increase data protection. The Financial Service Authority was created by the FRCPA to implement and enforce regulations regarding the privacy of credit data. This law also authorizes the controller and the agency to work together to improve the security of databases used for consumer billing. It is important for businesses to remember that this legislation was written to supplement and strengthen the FCRA and other similar statutes.
For instance, the FCRA establishes the rights of consumers to challenge inaccurate and incomplete data collection but does not limit or alter the rights of businesses to retain that information. The Privacy Improvement Act (PIA) requires business networks and servers to clearly define data privacy laws and establish procedures for addressing identity theft and security threats. Both PIA and FTCA impose penalties on companies that fail to comply with their information security requirements. For example, in 2021 the FTCA effectively banned the collection of confidential consumer data by direct marketing companies without the authorization of the consumer. Similarly, a number of State Laws have passed statutory limitations on the collection of sensitive personal data by service providers, retailers, and credit card companies.
The Information Technology Act 2000 (IT Act) was introduced to govern the laws relating to cybercrimes and electronic commerce. Adapting the UNICITRAL Model Law on International Commercial Arbitration the bill was passed in 2000. It contains 94 sections that are divided into 13 chapters and 4 schedules with jurisdiction over any networks situated within the country regardless of the nationality of the user. The Act recognizes electronic records and digital signatures as a means to ensure electronic governance and prescribes penalties for instances of cybercrimes.
This Act additionally amended the Indian Penal Code 1860, the Indian Evidence Act and others, intending to ensure that the following objectives are followed, legal recognition is given to all conveyances via electronic exchange of data or other electronic means in place of the paper-based communication, digital signature gaining recognition to prove the authentication of any data or matter that requires necessary legal authentication, facilitating the electronic storage of data, ensuring the electronic filing of papers under any government agencies, and, allowing the bankers to keep records in electronic form.
In 2008, the Information Technology (Amendment) Act, 2008 came into effect from October 2009. This Act was brought to accommodate the growth of IT through enabling security. The Amendment brought changes to the term “Communication Device” by ensuring it reflects current use allowing electronic signatures and contracts. This makes an IP owner responsible for the content showcased through its means. Further entities are made far more responsible for ensuring effective data security practices and enabling penalties for breaches.
The improved Act tightens the procedure of monitoring and intercepting information to stop Cyber Crimes. The Act introduces a system of an electronic signature as per the international law and recognizes the jurisdiction of the Computer Emergency Response Team-India (CERT-In) as a national agency to administer the website under certain circumstances to ensure computer security. This gives the agency to intercept, monitor, and block websites Suo-moto.
Also, Section 80 of the Act was amended to allow the Inspector of Police to carry out investigations regarding cybercrime cases. Furthermore, section 69 allows the Central or State Government or any other government authorized body to intercept information that is generated through any computer resource to ensure the interest of sovereignty and integrity of India is always kept. The CERT-In is the nodal authority that issues the instructions for blocking a certain website through the Department of Telecommunication (DoT) – Latest Release (LR Cell). These systematic amendments were brought about with the purpose to ensure the “balanced flow of information”, removing the websites that engage in hate content, racism, violence, and pornography (specifically Child Pornography).
The Amendments also encompasses the new types of cybercrimes with importance given to Source Codes. These are protected under Section 65 with a punishment of 3yrs or fine of 2lakhs or both, for destruction, concealment, and alteration. Besides Source Code Tampering Act acknowledges Hacking under Section 66 as a punishable offense with imprisonment up to 3yrs or fine of 2 lakh or both.